The latest CompTIA Security+ (SY0-501) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-501) exam and earn CompTIA Security+ (SY0-501) certification.
CompTIA Security+ (SY0-501) Exam Questions and Answers
Exam Question 801
Which of the following is the MOST significant difference between intrusive and non-intrusive vulnerability scanning?
A. One uses credentials, but the other does not.
B. One has a higher potential for disrupting system operations.
C. One allows systems to activate firewall countermeasures.
D. One returns service banners, including running versions.
Correct Answer:
B. One has a higher potential for disrupting system operations.
Exam Question 802
A security analyst is running a credential-based vulnerability scanner on a Windows host. The vulnerability scanner is using the protocol NetBIOS over TCP/IP to connect to various systems, However, the scan does not return any results. To address the issue, the analyst should ensure that which of the following default ports is open on systems?
A. 135
B. 137
C. 3389
D. 5060
Correct Answer:
B. 137
Exam Question 803
A network administrator is implementing multifactor authentication for employees who travel and use company devices remotely by using the company VPN. Which of the following would provide the required level of authentication?
A. 802.1X and OTP
B. Fingerprint scanner and voice recognition
C. RBAC and PIN
D. Username/Password and TOTP
Correct Answer:
A. 802.1X and OTP
Exam Question 804
A preventive control differs from a compensating control in that a preventive control is:
A. put in place to mitigate a weakness in a user control.
B. deployed to supplement an existing control that is EOL.
C. relied on to address gaps in the existing control structure.
D. designed to specifically mitigate a risk.
Correct Answer:
C. relied on to address gaps in the existing control structure.
Exam Question 805
A security administrator is investigating a report that a user is receiving suspicious emails. The user’s machine has an old functioning modem installed. Which of the following security concerns need to be identified and mitigated? (Choose two.)
A. Vishing
B. Whaling
C. Spear phishing
D. Pharming
E. War dialing
F. Hoaxing
Correct Answer:
E. War dialing
F. Hoaxing
Exam Question 806
Which of the following is unique to a stream cipher?
A. It encrypt 128 bytes at a time.
B. It uses AES encryption.
C. It performs bit-level encryption.
D. It is used in HTTPS.
Correct Answer:
C. It performs bit-level encryption.
Exam Question 807
A company moved into a new building next to a sugar mill. Cracks have been discovered in the walls of the server room, which is located on the same side as the sugar mill loading docks. The cracks are believed to have been caused by heavy trucks. Moisture has begun to seep into the server room, causing extreme humidification problems and equipment failure. Which of the following BEST describes the type of threat the organization faces?
A. Foundational
B. Man-made
C. Environmental
D. Natural
Correct Answer:
A. Foundational
Exam Question 808
Which of the following represents a multifactor authentication system?
A. An iris scanner coupled with a palm print reader and fingerprint scanner with liveness detection.
B. A secret passcode that prompts the user to enter a secret key if entered correctly.
C. A digital certificate on a physical token that is unlocked with a secret passcode.
D. A one-time password token combined with a proximity badge.
Correct Answer:
D. A one-time password token combined with a proximity badge.
Exam Question 809
An administrator is disposing of media that contains sensitive information. Which of the following will provide the MOST effective method to dispose of the media while ensuring the data will be unrecoverable?
A. Wipe the hard drive.
B. Shred the hard drive.
C. Sanitize all of the data.
D. Degauss the hard drive.
Correct Answer:
B. Shred the hard drive.
Exam Question 810
Which of the following documents would provide specific guidance regarding ports and protocols that should be disabled on an operating system?
A. Regulatory requirements
B. Secure configuration guide
C. Application installation guides
D. User manuals
Correct Answer:
B. Secure configuration guide